Introduction

As cloud computing has exploded over the last two decades, so has the need for security professionals who understand how the cloud works. Enter the Certified Cloud Security Professional (CCSP) certification. The CCSP was introduced in 2015 and has quickly become the de facto standard for cloud security certifications around the globe. Today, more than 10,000 security professionals have earned the coveted CCSP designation worldwide, and that number is quickly growing!

Cloud computing, as we know it, first became widely available circa 2006 when Amazon created the first enterprise cloud service offering, Amazon Web Services (AWS). Since then, Google, Microsoft, and a host of other companies have burst on the scene with their very own cloud services. Today, cloud computing is more mainstream than ever, with most research firms estimating the public cloud market to top $1 trillion worldwide by 2028. With most estimates putting cloud spend above 60 percent of all tech spend, the need for informed cloud professionals has never been greater.

While we continue to experience this massive cloud boom, cloud security has not so quietly become front-and-center for most organizations. Companies want to ensure that their most important business and customer data remain safe when moved to the cloud, and they need skilled and qualified practitioners to make that happen. That’s where you (and the CCSP) come in!

You may be familiar with the CCSP’s bigger sibling: the Certified Information Systems Security Professional (CISSP). The CISSP certification has been around since 1994 and has amassed quite a following in information security circles. (As of this writing, there are more than 160,000 CISSPs worldwide.) The CCSP serves the same purpose for one of the fastest growing information security subareas — cloud security. It’s all but inevitable that the CCSP will continue its ascent among the most essential industry certifications around the world.

About this Book

Information security is one of the broadest domains of Information Technology. Add to that the complexities of cloud computing, and it’s easy to see why many people are scared off by the field of cloud security. A true cloud security professional is a Jack (or Jill) of all trades — they know the ins and outs of data security and protection and also understand how cloud architectures are designed, managed, and operated. The CCSP credential seeks to validate that the holder has mastered the sweet spot between the two worlds. This task may sound daunting, but don’t fret! CCSP For Dummies breaks these topics down into bite-sized chunks to help you digest the material, pass the exam, and apply your knowledge in the real world.

While you can find tons of books and resources available to study information security, cloud security resources are a bit harder to come by. Perhaps the field is still too young, or maybe it really is too daunting for some authors and publishers to assemble. Many of the books that do exist either don’t cover all of the necessary facets of cloud security or are overly complex encyclopedic volumes.

In CCSP For Dummies, Wiley and I have put together a book that covers all of the topics within the CCSP Common Body of Knowledge (CBK) in a straightforward, easy-to-read manner. And this second edition has been updated to address the latest and greatest topics from the CCSP Exam Outline and beyond. You’ll find this book to be overflowing with useful information, but written with the battle-tested For Dummies approach and styling that helps countless readers learn new topics. In addition, I try to inject many of my own experiences working in cloud security to give you practical views on some otherwise abstract topics.

As wonderful as I think this book is — and I hope you feel the same way after reading it — you shouldn’t consider any single resource to be the Holy Grail of cloud security. CCSP For Dummies creates a framework for your CCSP studies and includes the information you need to pass the CCSP exam, but will not single-handedly make you a cloud security know-it-all. Reaching the top of the cloud security mountain requires knowledge, skills, and practical experience. This book is a great start, but not the end of your cloud security journey.

Foolish Assumptions

I’ve been told that assumptions are dangerous to make, but here I am making them anyway! At a minimum, I assume the following:

• You have at least five years of general IT experience, at a minimum — preferably more. In order to follow the topics in this book and pass the CCSP exam, you need to have a great deal of knowledge of the technologies that form the foundation of cloud computing. This assumption means that you’re comfortable referring to basic computing terms like CPU and RAM and also have experience with things like databases, networks, and operating systems.
• You have at least a high-level understanding of information security concepts and technologies. You should be familiar with things like access control and encryption, and you should understand the concepts of confidentiality, integrity, and availability. I expect that many readers have already achieved the prestigious CISSP certification. If you’re among this group, then you’re not only ready for this book, but you also satisfy all of the CCSP’s experience requirements (which I discuss in Chapter 1). If you don’t have sufficient information security knowledge or if you need to brush up on some basic security concepts, then you’re in luck — I’ve written Chapter 2 just for you!
• You have a minimum of one year paid work experience in one or more of the six domains of the CCSP CBK (that make up Chapters 3 through 14 of this book). This expectation is not just an assumption, but an explicit requirement of the CCSP exam. Certain educational and certification achievements (such as earning CSA’s CCSK) can be substituted for this experience requirement.
• You will use what you know and what you learn in this book for good, not evil. You’ll be a responsible security professional and abide by the (ISC)2 Code of Ethics (which is a requirement for CCSP certification).

Icons Used in This Book

This book is full of useful information, but every once in a while, something extra useful or important pops up and deserves some extra attention. Keep an eye out for the following icons throughout this book. Each has its own specific meaning, and identifies something you should take note of.

The Tip icon marks tips (duh!) and extra tidbits of information that can help you grasp some of the more challenging concepts in the text. When I use this icon, I’m trying to point out some extra information that can help you on your exam.

These icons may not help you remember your spouse’s birthday, but they’ll surely come in handy for the CCSP exam. I use the Remember icon to point out stuff that’s especially important to know for the exam. These are the things that might trip you up on the exam if you don’t commit them to your long-term memory. Consider these your CCSP lifesavers.

The Technical Stuff icon marks information of a highly technical nature that may not necessarily be needed for the CCSP exam, but gives you deeper insight, if you want it. If you’re a fan of tech jargon, then keep an eye out for this icon.

The Warning icon is the closest I can get to flashing red lights and sirens. I use this icon to tell you to watch out! It marks important information that may save you headaches — or missed points on the exam. Keep an eye out for Warning icons, as they point out those silly mistakes that are otherwise easy to avoid.

Beyond the Book

CCSP For Dummies comes with a few extra goodies to help you prepare for the CCSP exam. My hope is that the book gives you the foundation you need to pass the test, but these extra resources can help put you over the top.

In addition to the book you’re reading right now, you have access to some helpful Cheat Sheets that you can use to quickly reference things like common cloud security risks and the shared responsibility model. Keep these Cheat Sheets handy to reference whenever you may not have this book at your fingertips. To access your Cheat Sheets, head over to www.dummies.com and type CCSP For Dummies Cheat Sheet in the Search bar.

To help you assess your knowledge, you also have access to 100 flashcards and 200 online practice questions (two sets of 100 questions). You can use the flashcards to reinforce some key CCSP terms, topics, and concepts. I reference the relevant chapter that each flashcard comes from so that you can revisit specific subjects, if necessary. I’ve written the practice questions to mimic the multiple-choice style of questions you’ll see on the CCSP exam. Use these practice sets to verify your mastery of important topics, and identify topics or domains that you may need to brush up on.

To access your flashcards and online practice questions, simply follow these steps to register your book and activate your account:

1. Register your book or ebook at Dummies.com to get your PIN. Go to www.dummies.com/go/getaccess.
2. Select your product (in this case, it’s CCSP For Dummies) from the dropdown list on that...